The steps for configuring secure HTTP connections with the blueprint design server are
similar to the steps for any Java™ Platform, Enterprise Edition
server.
Before you begin
To set up SSL security, you must have a certificate for the blueprint design
server.
About this task
Because the blueprint design server runs on Apache Tomcat, you can refer to the
instructions for configuring security on Tomcat:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Certificates. You
can enable SSL security for Apache Tomcat when you install the blueprint design server. If you
enable SSL security during installation, a self-signed certificate is generated and added to the
tomcat.keystore file. The common name (CN) in the self-signed certificate is
set to 0.0.0.0.
Note: Many web browsers display a warning when you connect to a blueprint design
server that uses a self-signed certificate in the
tomcat.keystore file.
Procedure
Setting up SSL security for the blueprint design server involves these general
steps:
- Transfer the files for the certificate to the computer that hosts the blueprint design
server.
- Add the certificate to the blueprint design server keystore. The blueprint design server has a default keystore in the
server_install/opt/tomcat/conf/tomcat.keystore file. The
default password for this keystore is changeit.
- Restart the blueprint design server.
- Similarly, add the same certificate to the keystore of each agent and agent relay. For example, the default location of an agent keystore is
agent_install/conf/agent.keystore.
- Optional: To configure secure communication between the blueprint design server and an LDAP server, add
the LDAP server certificate to the
JRE_install/jre/lib/security/cacerts file. This file is on
the blueprint design server. Use the installation folder of the JRE for
JRE_install.
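The keystore steps in this procedure can be scripted with the JDK keytool utility. The following is an added example, not part of the product documentation. It assumes the certificate is a PEM or DER file that is imported as a trusted entry, reads the keystore password from a STOREPASS environment variable, and uses hypothetical alias and file names.

```shell
#!/bin/sh
# Added example: aliases and certificate file names are hypothetical.
# The keystore password is read from the STOREPASS environment variable
# so that it does not appear in the process list.

need_keytool() { command -v keytool >/dev/null 2>&1; }

# has_alias KEYSTORE ALIAS -> 0 if the alias exists in the keystore
has_alias() {
    need_keytool || return 127
    keytool -list -keystore "$1" -storepass:env STOREPASS \
        -alias "$2" >/dev/null 2>&1
}

# import_cert KEYSTORE ALIAS CERT_FILE
# Imports the certificate as a trusted entry, skips an alias that
# already exists, then confirms that the entry is present.
import_cert() {
    need_keytool || return 127
    if has_alias "$1" "$2"; then
        echo "skip: alias '$2' already in $1" >&2
        return 0
    fi
    keytool -importcert -noprompt -trustcacerts -keystore "$1" \
        -storepass:env STOREPASS -alias "$2" -file "$3" >/dev/null || return 1
    has_alias "$1" "$2"
}

# uses_default_password KEYSTORE -> 0 if it still opens with "changeit"
uses_default_password() {
    need_keytool || return 127
    keytool -list -keystore "$1" -storepass changeit >/dev/null 2>&1
}

# Usage with the locations named in the procedure (run on each host):
#   export STOREPASS='...'
#   import_cert server_install/opt/tomcat/conf/tomcat.keystore bds-cert server.crt
#   import_cert agent_install/conf/agent.keystore bds-cert server.crt
#   import_cert JRE_install/jre/lib/security/cacerts ldap-cert ldap.crt
#   uses_default_password server_install/opt/tomcat/conf/tomcat.keystore \
#       && echo "WARNING: tomcat.keystore still uses the default password" >&2
```

Restart the blueprint design server after the import, as the procedure states, so that the updated keystore is loaded.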